Configuring RADIUS-Based Mirroring ! 165
Chapter 6: Packet Mirroring
Configuring RADIUS-Based Mirroring
RADIUS-based packet mirroring enables you to mirror traffic related to a specific
user, without regard to how often the user logs on or off, or which E-series router or
interface the user uses. RADIUS-based mirroring is particularly appropriate for large
networks, because you can use a single RADIUS server to provision mirroring on
multiple E-series routers in a service provider’s network. RADIUS-based mirroring is
useful when debugging network problems related to mobile users, who do not
always log on to a particular router.
You configure RADIUS-based mirroring independent of the actual mirroring
session—you can configure the mirroring parameters at any time. RADIUS-based
mirroring uses RADIUS and VSAs, rather than CLI commands, to specify the user
whose traffic is to be mirrored. The VSAs specify attributes that are carried in
Access-Accept messages and change-of-authorization messages from the RADIUS
dynamic-request server to the E-series router.
RADIUS Attributes Used for Packet Mirroring
Ta b l e 2 8 lists the packet mirroring triggers. The triggers are RADIUS attributes that
identify a user whose traffic is to be mirrored. A packet mirroring session starts
when the router receives a RADIUS packet that contains mirroring attribute and
then applies the mirroring configuration to the appropriate interface. For example,
packet mirroring starts when a logon request occurs that contains a specified
User-Name attribute.
The triggers also enable RADIUS-initiated mirroring to start when the user is already
logged in.
NOTE: You cannot use RADIUS-initiated packet mirroring to mirror static
interfaces, which might not be authenticated through RADIUS. To mirror static
interfaces, you must use CLI-based mirroring.
NOTE: RADIUS-based packet mirroring is not supported on LAC L2TP sessions if
the LAC uses domain maps to create tunnels or if authentication is disabled for
both LAC and PPP termination.
Table 28: RADIUS Attributes Used as Packet Mirroring Triggers
Standard Number Attribute Name
[1] User-Name
[8] Framed-IP-Address
[26-1] Virtual-Router-Name
[31] Calling-Station-ID
[44] Acct-Session-ID
[87] Nas-Port-ID
To Next Page
Loading...
Need help?
General
